0

I'm using Ubuntu 14.10, Apache 2.4. My server is under a huge DDoS attack right now, I tried to use mod_security , fail2ban and blocking attacking IPs manually using iptables and nothing worked.

The attackers are using "ApacheBench/2.3" to attack my apache2 server, they are sending huge requests to it, so is there anyway to block this tool and preventing it from sending requests to me?

Thanks.

Madno
  • 193
  • 2
  • 14
  • What do you mean by saying that "nothing worked"? You can use those tools to block requests from `ab` - did you try to configure them to block and the attackers evaded the blocks, or the requests didn't get blocked by the configurations you tried? – Shane Madden Mar 30 '15 at 17:03
  • Why didn't it work with iptables? Are they using more than one IP? – Christopher Perrin Mar 30 '15 at 17:03
  • @ShaneMadden I installed fail2ban and turned on apache_overload and the other modules, this should have banned all the new IPs they use automatically, but nothing happened. – Madno Mar 30 '15 at 17:21
  • @ChristopherPerrin Yes, they are using more than 1 IP, everytime i block their IPs, they use a new one to attack me. – Madno Mar 30 '15 at 17:21
  • @MHS Then it's likely the rate limiting tools were not configured and working correctly, you should work to determine what's broken there and try to get the tools working correctly. – Shane Madden Mar 30 '15 at 17:52
  • @ShaneMadden Well, the problem is that i didn't know how to block ApacheBench using one of these tools, do you have any URL for a page that explains this or something? – Madno Mar 30 '15 at 17:59
  • @MHS Understood! This should get you started: http://serverfault.com/questions/251988/blocking-apache-access-via-user-agent-string – Shane Madden Mar 30 '15 at 18:00
  • ApacheBench does the same as every other HTTP client. It is just optimized to measure the connections and reconnect fast. So blocking ApacheBench is like blocking any other client. – Christopher Perrin Mar 31 '15 at 00:15

1 Answers1

1

Thanks to the comments I've received on the question, I have managed to solve the problem, you just have to edit the /etc/apache2/sites-available/000-default.conf file (or any other conf file you use, depending on your case) and make sure it looks like this:

    SetEnvIfNoCase User-Agent "^ApacheBench/2.3" bad_bot
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride FileInfo
            Order allow,deny
            Allow from all
            Deny from env=bad_bot
    </Directory>

Save the file and exit, and run:

 sudo service apache2 reload
 sudo service apache2 restart

And that's it !

Madno
  • 193
  • 2
  • 14